143ef51a270318b9e0ecbd31891b6190ee62658aef4391ac1e9b64d3340c4d4c

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
29/10/2023, 22:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

143ef51a270318b9e0ecbd31891b6190ee62658aef4391ac1e9b64d3340c4d4c.exe
Size

1.1MB
MD5

705f18ec1261e9fdcca77128b7c28a93
SHA1

c2deb231ab49e09e457bcbfba582d73dad648264
SHA256

143ef51a270318b9e0ecbd31891b6190ee62658aef4391ac1e9b64d3340c4d4c
SHA512

79d59107cd382af5048e2dde102ceb403f459e6a05f147729ec0ae89066d55a504609e799fda3855dc5a1293c14a8697c63ec4c20516d383622aec4f5da7d929
SSDEEP

24576:JtOAl29Ad87kHCADReQuSC2FdHI3b1OQ:Jo887kHCNQ2oHI3b

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 860 set thread context of 2512	860	143ef51a270318b9e0ecbd31891b6190ee62658aef4391ac1e9b64d3340c4d4c.exe	28

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2672	2512	WerFault.exe	28

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 860 wrote to memory of 2512	860	143ef51a270318b9e0ecbd31891b6190ee62658aef4391ac1e9b64d3340c4d4c.exe	28
PID 860 wrote to memory of 2512	860	143ef51a270318b9e0ecbd31891b6190ee62658aef4391ac1e9b64d3340c4d4c.exe	28
PID 860 wrote to memory of 2512	860	143ef51a270318b9e0ecbd31891b6190ee62658aef4391ac1e9b64d3340c4d4c.exe	28
PID 860 wrote to memory of 2512	860	143ef51a270318b9e0ecbd31891b6190ee62658aef4391ac1e9b64d3340c4d4c.exe	28
PID 860 wrote to memory of 2512	860	143ef51a270318b9e0ecbd31891b6190ee62658aef4391ac1e9b64d3340c4d4c.exe	28
PID 860 wrote to memory of 2512	860	143ef51a270318b9e0ecbd31891b6190ee62658aef4391ac1e9b64d3340c4d4c.exe	28
PID 860 wrote to memory of 2512	860	143ef51a270318b9e0ecbd31891b6190ee62658aef4391ac1e9b64d3340c4d4c.exe	28
PID 860 wrote to memory of 2512	860	143ef51a270318b9e0ecbd31891b6190ee62658aef4391ac1e9b64d3340c4d4c.exe	28
PID 860 wrote to memory of 2512	860	143ef51a270318b9e0ecbd31891b6190ee62658aef4391ac1e9b64d3340c4d4c.exe	28
PID 860 wrote to memory of 2512	860	143ef51a270318b9e0ecbd31891b6190ee62658aef4391ac1e9b64d3340c4d4c.exe	28
PID 860 wrote to memory of 2512	860	143ef51a270318b9e0ecbd31891b6190ee62658aef4391ac1e9b64d3340c4d4c.exe	28
PID 860 wrote to memory of 2512	860	143ef51a270318b9e0ecbd31891b6190ee62658aef4391ac1e9b64d3340c4d4c.exe	28
PID 860 wrote to memory of 2512	860	143ef51a270318b9e0ecbd31891b6190ee62658aef4391ac1e9b64d3340c4d4c.exe	28
PID 860 wrote to memory of 2512	860	143ef51a270318b9e0ecbd31891b6190ee62658aef4391ac1e9b64d3340c4d4c.exe	28
PID 2512 wrote to memory of 2672	2512	AppLaunch.exe	29
PID 2512 wrote to memory of 2672	2512	AppLaunch.exe	29
PID 2512 wrote to memory of 2672	2512	AppLaunch.exe	29
PID 2512 wrote to memory of 2672	2512	AppLaunch.exe	29
PID 2512 wrote to memory of 2672	2512	AppLaunch.exe	29
PID 2512 wrote to memory of 2672	2512	AppLaunch.exe	29
PID 2512 wrote to memory of 2672	2512	AppLaunch.exe	29

C:\Users\Admin\AppData\Local\Temp\143ef51a270318b9e0ecbd31891b6190ee62658aef4391ac1e9b64d3340c4d4c.exe
"C:\Users\Admin\AppData\Local\Temp\143ef51a270318b9e0ecbd31891b6190ee62658aef4391ac1e9b64d3340c4d4c.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:860
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2512
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 196
    3⤵
    - Program crash
    PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2512-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2512-2-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2512-1-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2512-3-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2512-4-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2512-6-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2512-5-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2512-7-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2512-9-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2512-11-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads